• 



(19) 




Europaisches Patentamt 
European Patent Office 
Office europeen des brevets 



(12),. 



(43) Date of publication: 

30.01.2002 Bulletin 2002/05 

(21 ) Application number: 01300991 .5 

(22) Date of filing: 05.02.2001 



(11) EP 1 176 490 A2 

EUROPEAN PATENT APPLICATION 

(51) lot C17: G06F 1/00 



(84) Designated Contracting Stales: 

AT BE CH CY DE DK ES Fl FR GB GR IE IT LI LU 
MC NL PT SETR 
^' • ' .Designated Extension States: 
AL LT LV MK RO SI 

(30) Priority: 19.07.2000 JP 2000218408 

(71) Applicant: Hitachi Ltd. 
Tokyo (JP) 

(72) Inventors: 

• Kawatsura. Yoshiaki, c/o Hitachi Ltd., Int. Pr. Of 
Chiyoda-ku, Tokyo 100 (JP) 



• Chiba, Hiroyuki, c/o Hitachi Ltd.. Int. Pr. Office 
Chiyoda-ku, Tokyo 100 (JP) 

• Watanabe, Kiyoshi, c/o Hitachi Ltd., Int. Pr. Off. 
Chiyoda-ku, Tokyo 100 (JP) 

• Morita. Akira, c/o Hitachi Ltd., Int. Prop. Office 
Chlyoda-ku, Tokyo 100 (JP) 

• Tomiyama, Tomochika, c/o Hitachi Ltd., 
Int. Pr. O. 

Chiyoda-ku, Tokyo 100 (JP) 

• Akutsu, Takeshi, c/o Hitachi Ltd., Int. Pr. Office 
Chiyoda-ku, Tokyo 100 (JP) 

(74) Representative: Calderbank, Thomas Roger et al 
MEWBURN ELLIS York House 23 KIngsway 
London WC2B 6HP (GB) 



(54) Apparatus and method for the distribution of encrypted contents 



(57) Recipient machine sends a contents request 
message with recipient's public key to entitlement prant- 
er machine. On the entitlement granter machine, digital 
rights data relevant to the contents request is encrypted 
with the recipient's public key. Encrypted digital rights 
data with the entitlement granter's digital signature ther- 
eon is returned to recipient machine. On the recipient 
machine, encrypted digital rights data is decrypted with 
the recipient's secret key. The recipient machine sends 



a message containing digital rights data thus decrypted, 
recipient's public key, and the above encrypted data to 
contents distributor machine. The contents distributor 
machine, after verifying the above digital signature, en- 
crypts the received digital rights data with the recipient's 
public key, verifies the match between this encrypted 
data and the encrypted data existing in the message re- 
ceived, which authenticates the valid recipient, and en- 
crypts contents data with the recipient's public key and 
send encrypted contents to the recipient machine. 
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Description 

[0001] The present invention relates to contents dis- 
tribution method and system, particularly to those de- 
signed to verify that the sender of a request to get con- 
tents by a contents distribution service over a commu- 
nication network is entitled to receive the contents. 
[0002] When types of contents are delivered from a 
contents distributor to recipients of contents across a 
communication network, it may be desirable to verify 
that a recipient is the true one to receive the contents. 
In this case, in general, when the contents distributor Is 
requested to deliver contents to a recipient, it verifies 
that the recipient is valid for receiving the contents be- 
fore the recipient receives the contents. In order to pre- 
vent password stealing over the network or snatching 
the received contents, a Secure Socket Layer (SSL) that 
is a means for encryption of a communication path is 
generally used. 

[0003] Meanwhile, the Internet Engineer Task Force 
(IETF), an international standardization organization, is 
now making efforts to standardize an Internet Open 
Trading Protocol (IOTP). In the IOTP, an entitlement 
grantor that entitles a rocipiont to receive contents and 
a distributor of the contents to the recipient are separate. 
Information about contents and information that a recip- 
ient is entitled to receive the contents are collected from 
a server working as the entitlement granter, and the ap- 
propriate information is sent from a recipient to the con- 
tents distributor so that the contents distributor will de- 
liver the contents to the recipient. 
[0004] The conventional contents distribution method 
according to the IOTP has the following problems. 
[0005] If a plurality of contents distributors exists to 
carry out the contents distributing service to recipients, 
a third-party organization may participate in this service 
to function as an agency for managing the delivery of 
contents en block. In this case, there is a possibility that 
the third-party organization copies contents and uses 
them. When distributing contents to a recipient, if the 
contents distributor wants to obtain infomiation about 
the recipient (information such as the address of the re- 
cipient if an article of goods Is sent thereto or question- 
naire information), it receives such information indirectly 
via the third-party organization as the agency. Even if 
the third party tampered with this information: there are 
no ways of detecting that. 

[0006] Under existing circumstances, the IOTP does 
not provide a mechanism of verifying that a recipient is 
the true one to receive the contents. It is possible that if 
a recipient transfers the data obtained heretofore to an- 
other person, another person can receive contents 
thereafter. 

[0007] An object of the present invention Is to provide 
contents distribution method and system whereby an 
entitlement granter that entitles a recipient to receive 
contents and a contents distributor are distinctly sepa- 
rated, and thus the entitlement granter is not involved in 
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the management of the contents data to be delivered to 
the recipient, and only the recipient entitled to receive 
the contents by the entitlement granter can receive the 
contents in safety. 
5 [0008] Another object of the invention is to provide 
contents distribution method and system whereby the 
contents distributor can correctly receive information 
from a valid contents recipient. 

[0009] With the aim of attaining the above objects, the 

10 inventor proposes a contents distribution method 
through the use of a communication network over which 
a recipient machine, an entitlement granter machine, 
and a contents distributor machine are interconnected, 
comprising: a step to be taken on the recipient machine 

^5 that is sending a message containing contents request 
Information that the recipient wants to get specific con- 
tents to the entitlement granter machine; a step to be 
taken on the entitlement granter machine that compris- 
es sequenlia! actions of encrypting digital righls data rcl- 

20 evant to the above contents request information with the 
recipient's public key, putting digital signature using the 
entitlement granter's secret key to the thus encrypted 
digital rights data, and sending the encrypted digital 
rights data with the entitlement granter's digital signs- 

25 ture thereon to the recipient machine; a step to be taken 
on the recipient machine that comprises sequential ac- 
tions of decrypting the above encrypted digital rights da- 
ta with the recipient's secret key and sending a message 
containing digital rights data thus decrypted and the 

^0 above encrypted digital rights data with the entitlement 
granter's digital signature thereon to the contents dis- 
tributor machine; a step to be taken on the contents dis- 
tributor machine that comprises sequential actions of 
verifying the entitlement granter's digital signature by 

35 using the entitlement granter's public key, encrypting the 
received digital rights data with the recipient's public 
key, making sure that the thus encrypted digital rights 
data matches with the encrypted digital rights data ex- 
isting in the received message, encrypting contents data 

-^o to be sent to the recipient machine with the recipient's 
public key, and sending the thus encrypted contents da- 
ta to the recipient machine; and a step to be taken on 
the recipient machine that is decrypting the reqeived en- 
crypted contents data with the recipient's secret l?tey. 

45 [0010] The inventor also proposes a contents distri- 
bution method through the use of a communication net- 
work over which a recipient machine, an entitlement 
granter machine, and a contents distributor machine are 
interconnected, comprising: a step to be taken on the 

50 recipient machine that is sending a message^ontaining 
the recipient's public key and contents request informa- 
tion that the recipient wants to get specific contents to 
the entitlement granter machine; a step to be taken on 
the entitlement granter machine that comprises sequen- 

55 tial actions of encrypting digital rights data r^evant to 
the above contents request information with the recipi- 
ent's public key, putting digital signature using the enti- 
tlement granter's secret key to the thus encrypted digital 



2 



BNSDCXIO: <EP 1176490A2.J„> 



EP1 176 490 A2 



rights data, and sending the encrypted digital rights data 
with the enlltlemenl granler's digital signature thereon 
to the recipient machine; a step to be taken on the re- 
cipient machine that comprises sequential actions of de- 
crypting the above encrypted digital rights data with the 
recipient's secret key and sending a message contain- 
ing digital rights data thus decrypted, the above encrypt- 
ed digital rights data with the entitlement granter's digital 
signature thereon, and the recipient's public key to the 
contents disthbutor machine; a step to be taken on the 
contents distributor machine that comprises sequential 
actions of verifying the entitlement granter's digital sig- 
nature by using the entitlement granter's public key, en- 
"cr/pting the received digital rights data with the recipi- 
ent's public key, making sure that the thus encrypted dig- 
Ual rights data matches with the encrypted digital rights 
data existing in the received message, encrypting con- 
tents data to be sent to the recipient machine with the 
recipient's public key, and sending the Itius encrypted 
contents data to the recipient machine; and a step to be 
taken on the recipient machine that is decrypting the re- 
ceived encrypted contents data with the recipient's se- 
cret key. 

[0011] The above contents distribution methods arc 
further defined as follows. The methods further com- 
prise: a step of sending an entry form for acquiring In- 
formation about the recipient from the contents distrib- 
utor machine to the recipient machine after the action of 
making sure of encrypted digital rights data matching is 
carried out on the contents distributor machine; a step 
to be taken on the recipient machine that comprises se- 
quential actions of generating an entry form filled with 
data as a result of that the recipient enters necessary 
informallon into the received entry form, putting digital 
signature using the recipient's secret key to the entry 
form filled with data, and sending the entry fonn filled 
with data with the recipient's digital signature thereon to 
the contents distributor machine; and a step to be taken 
on the distributor machine that comprises sequential ac- 
tions of verifying the recipient's digital signature by using 
the recipient's public key and sending the contents data 
encrypted with the recipient's public key to the recipient 
machine. 

[0012] The above contents distribution methods are 
further defined as follows. When the entitlement granler 
machine sends the foregoing encrypted digital rights da- 
la to the recipient machine, a certificate that is objective 
authentication of the entitlement granter and Includes 
the entitlement granter's public key is attached to the 
data. When the recipient machine sends the foregoing 
digital rights data to the contents distributor machine, 
the above certificate of the entitlement grantor is at- 
tached to the data. The contents distributor machine 
verifies the above certificate of the entitlement granter 
and uses the entitlement granter's public key derived 
from the certificate of the entitlement granter when ver- 
ifying the entitlement granter's digital signature. 
[0013] The inventor also proposes a contents distri- 
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bution system having a recipient machine, an entitle- 
ment granter machine, and a contents distributor ma- 
chine interconnected over a communication network, 
comprising: a computer system built on the recipient 
machine and equipped with a means to send a message 
containing contents request information that the recipi- 
ent wants to get specific contents to the entitlement 
granter machine, a means to decrypt encrypted digital 
rights data sent from the entitlement granter machine 
with the recipient's secret key, a means to send a mes- 
sage containing digital rights data thus decrypted and 
the encrypted digital rights data with the entitlement 
granter's digital signature thereon to the contents dis- 
tributor machine, and a means to decrypt encrypted 
contents data sent from the contents distributor machine 
with the recipient's secret key; a computer system built 
on the entitlement granter machine and equipped with 
a means to encrypt digital rights data relevant to the 
above conlenls request information with the recipient's 
public key, a means to put the entitlement granter's dig- 
ital signature generated by using the entitlement grant- 
er's secret key to the thus encrypted digital rights data, 
and a means to send the encrypted digital rights data 
with the entitlement granter's digital signature thereon 
to the recipient machine; and a computer system- built 
on the contents distributor machine and equipped with 
a means to verify the entitlement granter's digital signa- 
ture by using the entitlement granter's public- key, a 
means to encrypt the received digital rights data with the 
recipient's public key and make sure that the thus en- 
crypted digital rights data matches with the encrypted 
digital rights data existing in the message received, and 
a means to encrypt contents data to be sent to the re- 
cipient machine with the recipient's public key and send 
the thus encrypted contents data to the recipient ma- 
chine. 

[0014] The inventor also proposes a contents distri- 
bution system having a recipient machine, an entitle- 
ment granter machine, and a contents distributor ma- 
chine interconnected over a communication network, 
comprising: a computer system built on the recipient 
machine and equipped with a means to send a message 
containing the recipient's public key and contents re- 
quest Information that the recipient wants to get specific 
contents to the entitlement granter machine, a means 
to decrypt encrypted digital rights data sent from the en- 
titlement grantermachine with the recipient's secret key, 
a means to send a message containing digital rights da- 
ta thus decrypted, the encrypted digital rights data with 
the entitlement granter's digital signature thereon, and 
the recipient's public key to the contents distributor ma- 
chine, and a means to decrypt encrypted contents data 
sent from the contents distributor machine with the re- 
cipient's secret key; a computer system built on the en- 
titlement granter machine and equipped with a means 
to encrypt digital rights data relevant to the above con- 
tents request information with the recipient's public key, 
a means to put the entitlement granler's digital signature 
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generated by using the entitlement granter's secret key 
to the thus encrypted digital rights data, and a means to 
send the encrypted digital rights data with the entitle- 
ment grantor's digital signature thereon to the recipient 
machine; and a computer system built on the contents 5 
distributor machine and equipped with a means to verify 
the entitlement granter's digital signature by using the 
entitlement granter's public key, a means to encrypt the 
received digital rights data with the recipient's public key 
and make sure that the thus encrypted digital rights data io 
matches with the encrypted digital rights data existing 
in the message received, and a means to encrypt con- 
tents data to be sent to the recipient machine with the 
recipient's public key and send the thus encrypted con- 
tents data to the recipient machine. '5 
[0015] The above contents distribution systems are 
further defined as follows. The computer system built on 
the contents distributor machine is further equipped with 
a means to send an entry form for acquiring information 
about the recipient to the recipient machine after making 
sure of encrypted digital rights data matching. The com- 
puter system built on the recipient machine is further 
equipped with a means to generate an entry form filled 
with data as a result of that the recipient enters neces- 
sary information into the received entry form, put digital 25 
signature using the recipient's secret key to the entry 
form filled with data, and send the entry form filled with 
data with the recipient's digital signature thereon to the 
contents distributor machine. The computer system built 
on the contents distributor machine is further equipped 30 
with a means to verify the recipient's digital signature by 
using the recipient's public key and then send the con- 
tents data encrypted with the recipient's public key to 
the recipient machine. 

[0016] The above contents distribution systems are 35 
further defined as follows. The means to send the fore- 
going encrypted digital rights data to the recipient ma- 
chine, provided on the entitlement granter machine at- 
taches a certificate that is objective authentication of the 
entitlement granter and includes the entitlement grant- -^o 
er's public key to the data to send. The means to send 
the foregoing digital rights data to the contents distribu- 
tor, provided on the recipient machine attaches the 
above certificate of the entitlement granter to the data 
to send. -^5 
[0017] The means to verify the entitlement granter's 
digital signature, provided on the contents distributor 
machine verifies the above certificate of the entitlement 
granter and uses the entitlement granter's public key de- 
rived from the certificate of the entitlement granter when so 
verifying the entitlement granter's digital signature. 
[0018] According to the present invention, only a valid 
recipient entitled to receive contents can decrypt the 
contents with the recipient's secret key on the recipient 
machine. Therefore, only the valid recipient can receive 55 
the contents. 

[0019] As described above, after executing the en- 
crypted digital rights data matching check, the contents 
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distributor machine sends an entry form to Ihe recipient 
machine. After the entry form is filled with data, the form 
with the recipient's digital signature using the recipient's 
secret key put thereon is sent back, in this way. the con- 
tents distributor machine can receive the entry form 
filled with data that is assured of being not tampered 
with from a valid recipient. 

[0020] Other and further objects, features and advan- 
tages of the Invention will appear more fully from the fol- 
lowing description. 

- IN THE DRAWINGS: 

[0021] 

Fig. 1 is a diagram showing the conceptual structure 
of a preferred embodiment of a contents distribut- 
ing/receiving system to which the present invention 

is applied: 

Fig. 2 is a block diagram showing the configuration 
of a recipient's computer system built on the recip- 
ient machine; 

Fig. 3 is a block diagram showing the configuration 
of an entitlement granter's computer system built on 
the entitlement granter machine; 
Fig. 4 is a block diagram showing the configuration 
of a contents distributor's computer system built on 
the contents distributor machine; 
Fig. 5 is an overall flowchart illustrating message 
transfer between the machines in the contents dis- 
tributing/receiving system implementation for offer- 
ing of digital prizes as an internet business on the 
assumption that digital contents as giveaways are 
distributed/received; 

Fig. 6 shows the data structure of a message of re- 
quest to be entitled to get contents to be sent to the 
entitlement granter machine; 
Fig. 7 shows the data structure of digital rights data; 
Fig. 8 shows the data structure of encrypted digital 
rights data with digital signature thereon; and 
Fig. 9 shows the data structure of a message of re- 
quest to deliver contents. 

[0022] Preferred embodiments of the present ihven- 
tion will be described below in detail with reference to 
the drawings. 

[0023] Fig. 1 is a diagram showing the conceptual 
structure of a preferred embodiment of a contents dis- 
tributing/receiving system to which the present invention 
is applied. In the following description of the present em- 
bodiment, advertisement offering digital prizes is as- 
sumed to bo implemented as an Internet business and 
the contents distributing/receiving system used to dis- 
tribute/receive digital contents as giveaways will be dis- 
cussed as an example. <v 
[0024] As shown in Fig. 1 , the contents distributing/ 
receiving system as the present embodiment is having 
a recipient machine 100. an entitlement granter ma- 
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chine 110, and a contents distributor machine 1 20 inter- 
connecled over a network 130. On the recipient ma- 
chine 100, a recipient's computer system is built that Is 
used to apply for prizes and receive some digital con- 
tents as a giveaway if the applicant wins a prize. On the 
entitlement granter machine 110, an entitlement grant- 
er's computer system is built that is used to mail the ad- 
vertisement offering prizes, accept the application for 
prizes^carry out drawing lots, announce winning lots, 
andJsSue digital rights data that is equivalent to author- 
ization that authorizes the recipient who wins a prize to 
receive digital contents as a giveaway. On the contents 
distributor machine 1 20, a computer system is built that 
is operated by the contents distributor to actually man- 
age digital contents and send the digital contents to a 
valid recipient. In the system Implementation for offering 
of prizes, various kinds of Information are transferred 
among the machines 100, 110, and 120 over the net- 
work 130. 

[0025] As the machines 100, 110. and 120 on which 
each computer system is built, computers such as per- 
sonal computers and workstations that are now gener- 
ally and widely used may be used. These computers 
may be largerso-called general-purpose computers. Al- 
ternatively, instead of each Individual computer, a com- 
puter system comprising a plurality of computers inter- 
connected over a LAN of the organization where the 
host computer is installed may apply, provided it can im- 
plement the functions of each computer system that will 
be described later. Although three machines are Inter- 
connected over the network 130 as shown, the nuniber 
of interconnected computer systems built on the ma- 
chines is not limited to three and the network can inter- 
connect any number of machines on which computer 
systems are built. 

[0026] Fig. 2 Is a block diagram showing the configu- 
ration of a computer system built on the recipient ma- 
chine 1 00, a recipient of contents making use of the sys- 
tem. In this figure, the configuration shown comprises 
of essential entities to provide functions required for the 
system implementation of offering of prizes in the 
present embodiment. The computer system built on the 
recipient machine 1 00 may be provided with other func- 
tions. Functional components not having direct relation 
with the present Invention are neither shown nor de- 
scribed herein. 

[0027] As shown in Fig. 2, the computer system built 
on the recipient machine 100 is equipped with an oper- 
ator Interface for Inputting request to be entitled to get 
contents 205, a message generator of request to be en- 
titled to get contents 210, a key management 215, an 
entity to verify digital rights data received 220, a mes- 
sage generator of request to deliver contents 225, an 
entity to decrypt contents 235, a message sender 240, 
a message receiver 245, an entity to use contents 250, 
an output to screen 255, a generator of entry form filled 
with data 260, and a generator of entry form filled with 
data with digital signature thereon 265. 



[0028] The operator Interface for inputting request to 
be entitled to get contents 205 allows an operator who 
applies for prizes and may receive contents as a recip- 
ient to enter information for specifying contents the op- 

5 erator wants to get. This information may be given in 
advance from the entitlement granter and Input as such. 
[0029] The key management 215 retains the recipi- 
ent's secret key that is a private key of the recipient and 
shall not be opened to anyone else and the recipient's 

10 public key that is a counterpart mating with the recipi- 
ent's secrete key and may be open to a third party. 
[0030] The message generator of request to be enti- 
tled to get contents 210 couples the recipient's public 
key retrieved from the key management 215 on to the 

'5 data of request to be entitled to get contents delivered 
from the operator interface for inputting request to be 
entitled to gel contents 205 and thus generates a mes- 
sage of request to be entitled to get contents. The mes- 
sage is delivered to the message sender 240 from which 

20 it is sent to the entitlement granter machine 110. Al- 
though the recipient's public key and the data of request 
to be entitled to get contents are coupled in this context, 
they may be separately sent to the entitlement granter 
machine. If they are separately sent, the entitlement 

25 granter may obtain the recipient's public key in advance 
or after the above message of request to be entitled to 
get contents is sent thereto. 

[0031] The entity to verify digital rights data received 
220 receives encrypted digital rights data from the mes- 

30 sage receiver 245 and decrypts the digital rights data 
with the recipient's secret key retrieved from the key 
management 215. By making sure that the digital rights 
data can be decrypted with the recipient's secret key, it 
can be verified that the digital rights data has been given 

35 to the recipient who has received It properly. 

[0032] The message generator of request to" deliver 
contents 225 receives decrypted digital rights data from 
the entity to verify digital rights data received 220 and 
encrypted digital rights data with digital signature ther- 

40 eon from the message receiver 245. The message gen- 
erator of request to deliver contents 225 generates a 
message of request to deliver contents. This message 
is delivered to the message sender 240 from which it is 
sent to the contents distributor machine 120. 

45 [0033] The entity to decrypt contents 235 receives en- 
crypted contents from the message receiver 245 and 
decrypts the contents with the recipient's secrete key 
retrieved from the key management 215. The decrypted 
contents are delivered to the entity to use contents 250. 

so [0034] The generator of entry form filled with data 260 
enters data into an entry form that it received from the 
message rGCGiver245 and generates an entry form filled 
with data 260. The generator of entry form filled with da- 
ta with digital signature thereon 265 puts digital signa- 

55 ture using the recipient's secret key retrieved from the 
key management 215 to the entry form filled with data 
that it received from the generator of entry form filled 
with data 260. This generator 265 thus generates the 
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entry form filled with data with the recipient's digital sig- 
nature thereon and delivers It to the message sender 
240. 

[0035] Fig. 3 is a block diagram showing the configu- 
ration of an entitlement granter's computer system built 
on the entitlement granter machine 110. In this figure, 
the configuration shown comprises of essential entities 
to provide functions required for the system implemen- 
tation of offering of prizes in the present embodiment. 
The computer system built on the entitlement granter 
machine 110 may be provided with other functions. 
Functional components not having direct relation with 
the present invention are neither shown and nor de- 
scribed herein. 

[0036] As shown in Fig. 3, the computer system built 
on the entitlement granter machine 1 1 0 is equipped with 
a message receiver 305, an entity for drawing lots 310, 
a digital rights data management 315, an entity to en- 
crypt digital rights data 320, an entity to put digital sig- 
nature to encrypted digital rights data 325, a message 
sender 330, and a key and certificate management 335. 
[0037] The entity for drawing lots 310 receives a re- 
quest to be entitled to get contents from the message 
receiver 305 and determines whether the sender of the 
request wins a prize by lot so as to be entitled to receive 
the contents. 

[0038] If the entity for drawing lots 310 determines 
that the request sender is entitled to receive the con- 
tents, the entity to encrypt digital rights data 320 re- 
trieves digital rights data from the digital rights data man- 
agement 315, based on the message of the request to 
be entitled to get contents, and encrypts the digital rights 
data with the recipient's public key attached to the above 
message so that only the entitled recipient can exercise 
the right of the digital rights data. The digital rights data 
management 315 retains digital rights data for valid en- 
titlement. 

[0039] On receiving the encrypted digital rights data 
generated by the entity to encrypt digital rights data 320, 
the entity to put digital signature to encrypted digital 
rights data 325 generates digital signature data to au- 
thenticate that the entitlement granter has generated the 
encrypted digital rights data by using the entitlement 
granter's secret key retrieved from the key and certifi- 
cate management 335 and puts the entitlement grant- 
er's digital signature to the encrypted digital rights data. 
At the same lime, an entitlement granter's certificate 
proving that a third-paily organization approved by the 
contents distributor acknowledges that the entitlement 
granter's public key mating with the entitlement granter's 
secret key is the true public key of the entitlement grant- 
er is also attached to the encrypted digital rights data. 
The encrypted digital rights data with the entitlement 
granter's digital signature thereon, thus generated, is 
delivered to the message sender 330. 
[0040] Fig. 4 is a block diagram showing the configu- 
ration of a contents distributor's computer system built 
on the contents distributor machine 120. In this figure, 



the configuralion shown comprises of essential entities 
to provide functions required for the system implemen- 
tation of offering of prizes in the present embodiment. 
The computer system built on the contents distributor 
5 machine 120 may be provided with other functions. 
Functional components not having direct relation with 
the present Invention are neither shown and nor de- 
scribed herein. 

[0041] As shown in Fig. 4, the computer system built 
10 on the contents distributor machine 1 20 is equipped with 
a message receiver 405, an entity to very digital signa- 
ture to encrypted digital rights data 410, an entity to en- 
crypt digital rights data 41 5, an entity for matching check 
420, a recipient data save area 425, an entry form gen- 
15 erator 430, an entity to verify digital signature to entry 
form filled with data 435, a contents management 440, 
an entity to encrypt contents 445, and a message send- 
er 450. 

[0042] The entity to very digit a! signalurs to encrypted 

20 digital rights data 4 1 0 verifies the digital signature infor- 
mation on the encrypted digital rights data included in 
the message of request to deliver contents that it re- 
ceived from the message receiver 405. This verification 
makes sure that the encrypted digital rights data is valid, 

25 that is, the data is Issued from the entitlement granter 
authorized to execute entitlement. 
[0043] The entity to encrypt digital rights data 415 re- 
ceives the digital rights data and the recipient's public 
key from the message receiver 405 and encrypts the 

30 digital rights data with the recipient's public key. To verify 
that the recipient's public key In the encrypted digital 
rights data, thus generated by the entity to encrypt digital 
rights data 415, is identical to the key used when the 
recipient applied for prizes by lot, the entity for matching 

35 check 420 perfonns the matching check between the 
above encrypted digital rights data and the encrypted 
digital rights data existing in the message delivered 
thereto from the message receiver 405. 
[0044] The entity to verify digital signature to entry 

■*o form filled with data 435 verifies the recipient's digital 
signature on the entry form filled with data that It re- 
ceived from the message receiver 405 by using the re- 
cipient's public key retrieved from the recipient data 
save area 425, and then stores that entry form flllecJ with 

"ts data Into the recipient data save area 425. 

[0045] The entity to encrypt contents 445 retrieves 
contents relevant to the digital rights data retained in the 
recipient data save area 425 from the contents manage- 
ment 440, encrypts the contents with the recipient's pub- 

50 lie key retained In the recipient data save area 425. and 
delivers the encrypted contents to the message sender 
450. Because the thus encrypted contents can be de- 
crypted only by the possessor of the recipient's secret 
key, the counterpart mating with the recipient's public 

55 key by which the contents were encrypted, the^ontents 
can be delivered in safety to only the authorized recipi- 
ent machine 100 that has been entitled to receive the 
contents by the entitlement granter machine 110. 
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[0046] Fig. 5 is an overall flowchart illuslraling mes- 
sage transfer between the machines in the contents dis- 
tributing/receiving system of the present embodiment. 
[0047] The recipient machine 100 is assumed to ob- 
tain fh advance the information for application for prizes 
from the entitlement granter machine 110. The recipi- 
ent's public key and its mating secret key are assumed 
to be retained beforehand in the key management 215. 
[0048]^ In step 510, a person who wants to apply for 
prizes^by lot enters the information on contents he or 
she wants to get through the operator interface for in- 
putting request to be entitled to get contents 205 on the 
recipient machine 100, when information for request for 
entitlement is generated. Then, the recipient's public 
key is retrieved from the key management 215 and a 
n:]essage of request to be entitled to get contents is gen- 
erated from the recipient's public key and the informa- 
tion for request for entitlement. This message Is sent to 
the enlillemenl granler machine 110 in the step 510. Al- 
though, in the context herein^ the message of request 
to be entitled to get contents is assumed to contain the 
recipient's public key and the information for request for 
entitlement as described above, the recipient's public 
key may be sent to the Gntlllement granter machine 1 1 0 
separately from the above message of request. Alterna- 
tively, the entitlement granter machine 110 thai receives 
the above message of request may autonomously ob- 
tain the recipient's public key opened online. 
[0049] Fig. 6 shows the data structure of the message 
of request to be entitled to get contents to be sent to the 
entitlement granter machine 110. The message of re- 
quest to be entitled to get contents 700 comprises of the 
information for request for entitlement 710 and the re- 
cipient's public key 720. 

[0050] After the entitlement granter machine 110 re- 
ceives the message of request to be entitled to get con- 
tents 700, its entity for drawing lots 310 determines 
whether the sender of the request draws a winning or 
losing number by lot (step 512). If the request sender 
draws a losing number information that the sender drew 
a losing number is sent back to the recipient machine 
1 00 and the processing terminates. If the request send- 
er draws a winning number, digital rights data relevant 
to the information for request for entitlement 710 is re- 
trieved from the digital rights data management 315. 
[0051] Fig. 7 shows the data structure of digital rights 
data. The digital rights data 900 comprises of a contents 
distributor address 910 that specifies where the con- 
tents distributor machine 120 is and contents ID infor- 
mation (number) 920 that identifies the contents to be 
distributed by the contents distributor machine 120. 
[0052] Then, the digital rights data is encrypted with 
the recipient's public key 720 (step 51 4). This encryption 
limits its decryption so that only the recipient that pos- 
sesses the recipient's secret key, the counterpart mating 
with the recipient's public key can decrypt the digital 
rights data, or in other words, only t-he recipient machine 
1 00 of the recipient who drew a winning number can do. 



Following the digital rights data encryption, the entitle- 
ment granter's secret key is retrieved from the key and 
certificate management 335, entitlement granter's digit- 
al signature is put to the encrypted digital rights data. 

5 and its certificate including the entitlement granter's 
public key, the counterpart mating with the entitlement 
granter's secret key is also attached to the digital rights 
data, thereby assuring that the entitlement granler has 
generated the encrypted digital rights data (step 516). 

10 The encrypted digital rights data with signature thereon 
1000, thus generated, is sent to the recipient machine 
100 (step 520). 

[0053] The digital signature is unique data that is ob- 
tained by using a predetermined hash function and 

15 passed between the machines involved. In this context, 
the digital signature is infonnatlon obtained by determin- 
ing a hashed value of the encrypted digital rights data 
and encrypting this value with the entillemeni granter's 
secrete key. The hash function is a one-way function by 

20 which compressed data that can be uniquely bound to 
the original data can be created. The certificate is issued 
by a third party to contain information for objective au- 
thentication of its possessor. In this context, the certifi- 
cate is data on which the third party puts the digital sig- 

^5 nature of its secret key information to the public key in- 
formation corresponding to the secret key information 
privately used by the organization to be authenticated. 
Upon the reception of the certificate with the digital sig- 
nature thereon, the organization that put their digital sig- 

30 nature thereto can be identified by the digital signature. 
[0054] Fig. 8 shows the data structure of the encrypt- 
ed digital rights data with signature thereon. The en- 
crypted digital rights data with signature thereon 1000 
comprises of the encrypted digital rights data 1 01 0 gen- 

35 erated by encrypting the digital rights data 900iWith the 
recipient's public key 720, the entitlement granter's dig- 
ital signature 1 020 that is the digital signature put to the 
encrypted digital rights data 1010, and the entitlement 
granter's certificate 1 030 that is the certificate of the en- 

-^0 titlement granter set in this field. 

[0055] In the present embodiment, immediately after 
the entitlement granter machine 110 receives the infor- 
mation for request for entitlement 710, drawing lots is 
executed and the encrypted digital rights data with sig- 

-^5 nature thereon 1000 is returned to the sender of the re- 
quest if the sender draws a winning number. This 
processing, however, may be executed otherwise, for 
example, in the following way; the entitlement granter 
machine 1 1 0 accepts and accumulates messages of re- 

50 quests to. be entitled to get contents sent from a plurality 
of recipient machines, drawing lots is executed for ac- 
cumulated requests after a certain period, and the en- 
crypted digital, rights data with signature thereon 1000 
is sent back to the request senders who drew a winning 

55 number, that is, won a prize. In this case, the encrypted 
digital rights data with signature thereon 1000 may be 
e-mailed to the recipient machines 100 of the recipients 
who won a prize or may go public on the World Wide 



7 



BNSDOCIO- <EP_ . 1 176490A2_L> 



13 



EP 1 176 490 A2 



14 



Web (WWW) so thai each recipient machine 100 nnay 
access the WWW server to obtain this infoimation. Even 
if someone who did not win a prize attempts to obtain 
the encrypted digital rights data with signature thereon 
1 000, he or she cannot decrypt this data without the se- 5 
cret key of the recipient who won a prize. 
[0056] To get back to Fig. 5, after the recipient ma- 
chine 1 00 receives the encrypted digital rights data with 
signature thereon 1000, its entity to verify digital rights 
data received 220 retrieves the recipient's secret key io 
from the key management 215 and decrypts the en- 
crypted digital rights data 1010 by using this key (step 
525). At this time, the recipient machine 1 00 may output 
the contents of the digital rights data 900 onto the 
screen, allowing the recipient to check on it. Then, the '5 
message generator of request to deliver contents 225 
attaches the recipient's public key used for decryption 
and the decrypted digital rights data to the encrypted 
digital righls data with signature thereon 1000, thus 
making a message of request to deliver contents, and 
sends this message to the contents distributor machine 
1 20 (step 530). At this time, the recipient machine sends 
the message to the contents distributor machine by re- 
ferring to the contents distributor address 910 included 
in the digital rights data 900. ^5 
[0057] Fig. 9 shows the data structure of the message 
of request to deliver contents. The message of request 
to deliver contents 1200 includes the digital rights data 
1210 and the recipient's public key 1220 (this is, in fact, 
identical to the recipient's public key 720) in addition to 30 
the encrypted digital rights data with signature thereon 
1000. 

[0058] After the contents distributor machine 120 re- 
ceives the message of request to deliver contents 1 200, 
its entity to very digital signature 41 0 checks the entitle- 35 
ment granter's digital signature 1020 by using the enti- 
tlement granter's certificate 1030 in step 533 to see 
whether the encrypted digital rights data 1010 has been 
issued from the entitlement grantor that proves authen- 
tic to the contents distributor machine 120 and makes a -^o 
judgment according to the result of the check. This 
check comprises checking to judge whether the certifi- 
cate is the certificate of the entitlement grantor under 
contract with the contents distributor for contents distri- 
bution and comparing a hashed value obtained by de- -^5 
crypting the digital signature by using the entitlement 
granter's public key information derived from the certif- 
icate and a hashed value derived from the encrypted 
digital rights data 1 01 0. As the result of the judgment, if 
either the encrypted digital rights data or the entitlement 
granter's digital signature is invalid, the processing ter- 
minates after error processing is executed. 
[0059] After the validity of the entitlement granter*s 
digital signature is verified in the step 633, the entity to 
encrypt digital rights data 415 encrypts the digital rights 55 
data 1210 with the recipient's public key 1220. Then, 
matching check between the thus encrypted digital 
rights data and the encrypted digital rights data 1010 is 



executed. According to the result of this matching check, 
judgment is made to see whether the recipient's public 
key 1220 is identical to the public key 720 used when 
the recipient applied for prizes by lot and when the en- 
titlement granter machine 1 1 0 generated the encrypted 
digital rights data (step 536). If the judgment result is 
mismatch, the processing terminates after error 
processing is executed. 

[0060] If, by the matching check in the step 536, it has 
been verified that the recipient's public key 1 220 is iden- 
tical to the public key 720 used when the recipient ap- 
plied for prizes by lot and when the entitlement granter 
machine 1 1 0 generated the encrypted digital rights data, 
the appropriate contents are retrieved from the contents 
management 440 by using the contents ID intormation 
(number) 920 included in the digital rights data 900 re- 
tained in the recipient data save area 425. The entity to 
encrypt contents 445 encrypts the contents with the re- 
cipient's public key 720 (or 1 220) (slep 555) and the en- 
crypted contents are sent back to the recipient machine 
100 (step 560). 

[0061] The recipient machine 100 receives the en- 
crypted contents from the contents distributor machine 
120 and Its entity to decrypt contents 235 decrypts the 
contents with the recipient's secret key retrieved from 
the key management 215 and delivers the contents to 
the entity to use contents 250 where the contents are 
used. 

[0062] In the above embodiment, after the match be- 
tween both encrypted digital righls data has been veri- 
fied by the machining check in the step 536, a recipient 
information acquisition phase (570) may start if neces- 
sary so that the contents distributor will receive recipient 
information such as questionnaires from the recipient. 
In this case, the contents distributor machine 120 gen- 
erates an entry form about information to receive and 
sends the entry form to the recipient machine 100 (step 
540). The recipient machine 1 00 displays the entry form 
on the screen through the output to screen 255. The re- 
cipient enters necessary infonnation into the displayed 
form through the input device, thus generating an entry 
form filled with data. Digital signature is generated by 
using the recipient's secrete key and put to the entry 
form filled with data and the entry form filled with^data 
with the recipient's digital signature thereon is sent back 
to the contents distributor machine In step 550. On the 
contents distributor machine 120, the recipient's digital 
signature is verified, based on the recipient's public key 
retrieved from the recipient data save area 425. Once it 
has been made sure that the sender of the entry form is 
the recipient who won a prize, the data in th^ entry form 
is saved into the recipient data save area 425. The re- 
cipient information acquisition phase (570) can be re- 
peated if necessary. 

[0063] Although digital contents are used a^the prize 
giveaways in the foregoing embodiment, some goods 
may be used as the prize giveaways. In this case, to 
avoid the supply of false Information on the address to 
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which an article of goods is delivered, the delivered-to- 
address information must be obtained by using the re- 
cipient information acquisition phase (570). 
[0064] Although, in the forging embodiment, the con- 
tents distributing/receiving system used to distribute/re- 5 
ceive digital contents as giveaways was described as 
the system implementation for offering of digital prizes, 
the present invention can also be applied to a system 
implerQentalion for distributing digital contents as give- 
away^: according to points gained and stored into credit io 
cards/: 

[0065] As described above, according to the present 
invention, a third-party organization as the entitlement 
■granter that entitles a recipient to receive contents is not 
involved in the management of contents data to be de- ?5 
liyered to the recipient and only the entitled recipient can 
receive the contents in safely. The entitlement granter 
and the contents distributor need not directly transfer 
recipient information between them beforehand. The 
contents distributor need not create a database before- 20 
hand that is used for password management for recipi- 
ent access authorization. The contents distributor can 
receive an entry form filled with data that is assured of 
being not tampered with from a vailid recipient. This is 
effective particularly if the contents distributor delivers 
an article of goods as a giveaway to a recipient by mail 
because address information is surely obtained from a 
valid recipient. 

[0066] The foregoing invention has been described in 
terms of preferred embodiments. However, those 
skilled, in the art will recognize that many variations of 
such embodiments exit. Such variations are intended to 
be within the scope of the present invention and the ap- 
pended claims. 
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Claims 

1 . A contents distribution method through the use of a 
communication network over which a recipient ma- 
chine, an entitlement granter machine, and a con- 
tents distributor machine are Interconnected, com- 
prising: 



a step to be taken on the recipient machine that ^5 
is sending a message containing contents re- 
quest information thai the recipient wants to gel 
specific contents to the entitlement granter ma- 
chine; 

a step to be taken on the entitlement granter so 
machine that comprises sequential actions of 
encrypting digital rights data relevant to the 
contents request information with the recipi- 
ent's public key, putting digital signature using 
the entitlement granter's secret key to the thus 55 
encrypted digital rights data, and sending the 
encrypted digital rights data with the entitle- 
ment granter's digital signature thereon to the 



recipient machine; 

a step to be taken on the recipient machine that 
comprises sequential actions of decrypting the 
encrypted digital rights data with the recipient's 
secret key and sending a message containing 
digital rights data thus decrypted and the en- 
crypted digital rights data with the entitlement 
granter's digital signature thereon to the con- 
tents distributor machine; 
a step to be taken on the contents distributor 
machine that comprises sequential actions of 
verifying the entitlement granter's digital signa- 
ture by using the entitlement granter's public 
key, encrypting the digital rights data with the 
recipient's public key, making sure that the thus 
encrypted digital rights data matches with the 
encrypted digital rights data, encrypting con- 
tents data to be sent to the recipient machine 
with the recipient's public key, and sending the 
thus encrypted contents data to the recipient 
machine; and 

a step to be taken on the recipient machine that 
is decrypting the encrypted contents data with 
the recipient's secret key. 

A contents distribution method through the use of a 
communication network over which a recipient ma- 
chine, an entitlement granter machine, and a con- 
tents distributor machine are interconnected, com- 
prising: 

a step to be taken on the recipient machine that 
is sending a message containing the recipient' 
s public key and contents request information 
that the recipient wants to get specific contents 
to the entitlement granter machine; , 
a step to be taken on the entitlement granter 
machine that comprises sequential actions of 
encrypting digital rights data relevant to the 
contents request information with the recipi- 
ent's public key, putting digital signature using 
the entitlement granter's secret key to the thus 
encrypted digital rights data, and sending the 
encrypted digital rights data with the entitle- 
ment granter's digital signature thereon to the 
recipient machine; 

a step to be taken on the recipient machine lhal 
comprises sequential actions of dectypting the 
encrypted digital rights data with the recipient's 
secret key and sending a message containing 
digital rights data thus decrypted, the encrypted 
digital rights data with the entitlement granter's 
digital signature thereon, and the recipient's 
public key to the contents distributor machine; 
a step to be taken on the contents distributor 
machine that comprises sequential actions of 
verifying the entitlement granter's digital signa- 
ture by using the entitlement granter's public 
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key, encrypting the digital rights data with the 
recipient's public key, making sure that the thus 
encrypted digital rights data matches with the 
encrypted digital rights data, encrypting con- 
tents data to be sent to the recipient machine 5 
with the recipient's public key, and sending the 
thus encrypted contents data to the recipient 
machine; and 

a step to be taken on the recipient machine that 
is decrypting the encrypted contents data with 
the recipient's secret key. 

The contents distribution method according to claim 

1 , further comprising: 

15 

a step of sending an entry form for acquiring 
Information about the recipient from the con- 
tents distributor machine to the recipient ma- 
chine after the action of making sure of encrypt- 
ed digital rights data matching is carried out on 20 
the contents distributor machine; 
a step to be taken on the recipient machine that 
comprises sequential actions of generating an 
entry form filled with data as a result of that the 
recipient enters necessary information into the 25 
entry form, putting digital signature using the 
recipient's secret key to the entry form filled with 
data, and sending the entry form filled with data 
with the recipient's digital signature thereon to 
the contents distributor machine; and 30 
a step to be taken on the distributor machine 
that comprises sequential actions of verifying 
the recipient's digital signature by using the re- 
cipient's public key and sending the contents 
data encrypted with the recipient's public key to 35 
the recipient machine. 

The contents distribution method according to claim 

2, further comprising: 

40 

a step of sending an entry form for acquiring 
information about the recipient from the con- 
tents distributor machine to the recipient ma- 
chine after the action of making sure of encrypt- 
ed digital rights data matching is carried out on -^5 
the contents distributor machine; 
a step to be taken on the recipient machine that 
comprises sequential actions of generating an 
entry form filled with data as a result of that the 
recipient enters necessary information into the 50 
entry form, putting digital signature using the 
recipient's secret key to the entry form filled with 
data, and sending the entry form filled with data 
with the recipient's digital signature thereon to 
the contents distributor machine; and ss 
a step to be taken on the distributor machine 
that comprises sequential actions of verifying 
the recipient's digital signature by using the re- 



cipient's public key and sending the contents 
data encrypted with the recipient's public key to 
the recipient machine. 

5. The contents distribution method according to claim 

1, wherein: 

when the entitlement granter machine sends 
the encrypted digital rights data to the recipient 
machine, a certificate that is objective authen- 
tication of the entitlement granter and includes 
the entitlement grantor's public key is attached 
to the data; 

when the recipient machine sends the digital 
rights data to the contents distributor machine, 
the certificate of the entitlement granter is at- 
tached to the data; and 
the contents distributor machine verifies the 
certificate of the enlillemenl granter and uses 
the entitlement granter's public key derived 
from the certificate of the entitlement granter 
when verifying the entitlement granter's digital 
signature. 

6. The contents distribution method according to claim 

2, wherein: 

when the entitlement granter machine sends 
the encrypted digital rights data to the recipient 
machine, a certificate that is objective authen- 
tication of the entitlement granter and Includes 
the entitlement granter's public key is attached 
to the data; 

when the recipient machine sends the digital 
rights data to the contents distributor machine, 
the certificate of the entitlement granter Is at- 
tached to the data; and 
the contents distributor machine verifies the 
certificate of the entitlement granter and uses 
the entitlement granter's public key derived 
from the certificate of the entitlement granter 
when verifying the entitlement granter's digital 
signature. 

7. The contents distribution method according to claim 

3, wherein: 

when the entitlement granter machine sends 
the encrypted digital rights data to the recipient 
machine, a certificate that is objective'authen- 
tication of the entitlement granter and Includes 
the entitlement granter's public key is attached 
to the data; 

when the recipient machine sends the digital 
rights data to the contents distributor machine, 
the certificate of the entitlement granter is at- 
tached to the data; and 
the contents distributor machine verifies the 
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certificate of the entitlement granter and uses 
the entitlement granter*s public key derived 
from the cerlificale of the entitlement granter 
when verifying the entitlement granter's digital 
^" . signature. 5 

A contents distribution system having a recipient 
machine, an entitlement granter machine, and a 
contents distributor machine interconnected over a 
• corhmunication network, comprising: io 

a computer system built on the recipient ma- 
chine and comprised of a means lo send a mes- 
sage containing contents request information 
that the recipient wants to get specific contents '5 
to the entitlement granter machine, a means to 
decrypt encrypted digital rights data sent from 
the entitlement granter machine with the recip- 
ient's secret key, a means lo send a message 
containing digital rights data thus deciypted 20 
and the encrypted digital rights data with the 
entitlement granter's digital signature thereon 
to the contents distributor machine, and a 
means to decrypt encrypted contents data sent 
from the contents distributor machine with the 25 
recipient's secret key. 

a computer system built on the entitlement 
granter machine and comprised of a means to 
encrypt digital rights data relevant to the con- 
tents request information with the recipient's 30 
public key, a means to put the entitlement grant- 
er's digital signature generated by using the en- 
titlement granter's secret key to the thus en- 
crypted digital rights data, and a means to send 
the encrypted digital rights data with the entitle- 35 
ment granter's digital signature thereon to the 
recipient machine; and 

a computer system built on the contents distrib- 
utor machine and comprised of a means to ver- 
ify the entitlement granter's digital signature by "to 
using the entitlement granter's public key, a 
means to encrypt the digital rights data with the 
recipient's public key and make sure that the 
thus encrypted digital rights data matches with 
the encrypted digital rights data, and a means 
to encrypt contents data to be sent to the recip- 
ient machine with the recipient's public key and 
send the thus encrypted contents data to the 
recipient machine. 

so 

A contents distribution system having a recipient 
machine, an entitlement granter machine, and a 
contents distributor machine interconnected over a 
communication network, comprising: 

55 

a computer system built on the recipient ma- 
chine and comprised of a means to send a mes- 
sage containing the recipient's public key and 



contents request information that the recipient 
wants to get specific contents to the entitlement 
granter machine, a means to decrypt encrypted 
digital rights data sent from the entitlement 
granter machine with the recipient's secret key, 
a means to send a message containing digital 
rights data thus decrypted, the encrypted digital 
rights data with the entitlement granter's digital 
signature thereon, and the recipient's public 
key to the contents distributor machine, and a 
means to decrypt encrypted contents data sent 
from the contents distributor machine with the 
recipient's secret key. 

a computer system built on the entitlement 
granter machine and comprised of a means to 
encrypt digital rights data relevant to the con- 
tents request information with the recipient's 
public key, a means to put the entitlement grant- 
er's digital signature generated by using the en- 
titlement granter's secret key to the thus en- 
crypted digital rights data, and a means to send 
the encrypted digital rights data with the entitle- 
ment granter's digital signature thereon lo the 
recipient machine; and 

a computer system built on the contents distrib- 
utor machine and comprised of a means to ver- 
ify the entitlement granter's digital signature by 
using the entitlement granter's public key, a 
means to encrypt the digital rights data with the 
recipient's public key and make sure that the 
thus encrypted digital rights data matches with 
the encrypted digital rights data, and a means 
to encrypt contents data to be sent to the recip- 
ient machine with the recipient's public key and 
send the thus encrypted contents data to the 
recipient machine. 

10. The contents distribution system according to claim 
8, wherein: 

the computer system built on the contents dis- 
tributor machine is further comprised of a 
means to send an entry form for acquiring in- 
formation about the recipient to the recipient 
machine after making sure of encrypted digital 
rights data matching; 

the computer system built on the recipient ma- 
chine is further comprised of a means to gen- 
erate an entry form filled with data as a result 
of that the recipient enters necessary informa- 
tion into the entry form, put digital signature us- 
ing the recipient's secret key to the entry form 
filled with data, and send the entry form filled 
with data with the recipient's digital signature 
thereon to the contents distributor machine; 
and 

the computer system built on the contents dis- 
tributor machine is further comprised of a 
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means to verify the recipient's digital signature 
by using the recipient's public key and then 
send the contents data encrypted with the re- 
cipient's public key to the recipient machine. 

11. The contents distribution system according to claim 
9, wherein: 

the computer system built on the contents dis- 
tributor machine is further comprised of a 
means to send an entry form for acquiring in- 
formation about the recipient to the recipient 
machine after making sure of encrypted digital 
rights data matching; 

the computer system built on the recipient ma- 
chine is further comprised of a means to gen- 
erate an entry form filled with data as a result 
of that the recipient enters necessary infomria- 
tion into the entry form, put digital signature us- 
ing the recipienrs secret key to the entry form 
filled with data, and send the entry form filled 
with data with the recipient's digital signature 
thereon to the contents distributor machine; 
and 

the computer system built on the contents dis- 
tributor machine is further comprised of a 
means to verify the recipient's digital signature 
by using the recipient's public key and then 
send the contents data encrypted with the re- 
cipient's public key to the recipient machine. 

12. The contents distribution system according to claim 

8, wherein: 

the means to send the encrypted digital rights 
data to the recipient machine, provided on the 
entitlement granter machine attaches a certifi- 
cate that is objective authentication of the enti- 
tlement granter and includes the entitlement 
grantor's public key to the data to send; 
the means to send the digital rights data to the 
contents distributor, provided on the recipient 
machine attaches the certificate of the entitle- 
ment granter to the data to send; and 
the means to verify the entitlement grantor's 
digital signature, provided on the contents dis- 
tributor machine verifies the certificate of the 
entitlement granter and uses the entitlement 
grantor's public key derived from the certificate 
of the entitlement granter when verifying the en- 
titlement granter's digital signature. 

1 3. The contents distribution system according to claim 

9, wherein: 

the means to send the encrypted digital rights 

data to the recipient machine, provided on the 
entitlement granter machine attaches a certifi- 
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cate that is objective authentication of the enti- 
tlement granter and includes the entitlement 
granter's public key to the data to send; 
the means to send the digital rights data to the 
5 contents distributor, provided on the recipient 

machine attaches the certificate of the entitle- 
ment granter to the data to send; and 
the means to verify the entitlement granter's 
digital signature, provided on the contents dis- 
10 tributor machine verifies the certificate of the 

entitlement granter and uses the entitlement 
granter's public key derived from the certificate 
of the entitlement granter when verifying the en- 
titlement granter's digital signature. 

15 

14. The contents distribution system according to claim 
10, wherein: 

liie means to send the encrypted digital rights 

2o data to the recipient machine, provided on the 

entitlement granter machine attaches a certifi- 
cate that is objective authentication of the enti- 
tlement granter and includes the entitlement 
granter's public key to the data to send; 

25 the means to send the digital rights data to the 

contents distributor, provided on the recipient 
machine attaches the certificate of the entitle- 
ment granter to the data to send; and 
the means to verify the entitlement granter's 

30 digital signature, provided on the contents dis- 

tributor machine verifies the certificate of the 
entitlement granter and uses the entitlement 
granter's public key derived from the certificate 
of the entitlementgranter when verifyingthe en- 

35 titlement granter's digital signature. 

15. An entitlement granter machine connected to a re- 
cipient machine operated by a recipient who wants 
to get contents data across a network, 

-^0 a computer system built on the entitlement 

granter machine being comprised of a means to re- 
ceive a message containing contents request infor- 
mation that the recipient want to get specific con- 
tents from the recipient machine, a means' tb en- 
crypt digital rights data relevant to the contents re- 
quest information with the recipient's public key, a 
means to put the entitlement granter's digital signa- 
ture generated by using the entitlement granter's 
secret key to the thus encrypted digitakrights data, 

50 and a means to send the encrypted digital rights da- 
ta with the entitlement granter's digital signature 
thereon to the recipient machine. 

16. An entitlement granter machine connected with a 
55 recipient machine operated by a recipient who 

wants to get contents data across a network, 

a computer system built on the entitlement 
granter machine being comprised of a means to re- 
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24 



ceive a message containing contents request infor- 
mation that the recipient want to get specific con- 
tents and the recipient's public key from the recipi- 
ent machine, a means to encrypt digital rights data 
relevant to the contents request information with the 
recipient's public key, a means to put the entitlement 
granter's digital signature generated by using the 
entitlement granter's secret key to the thus encrypt- 
ed^digtlal rights data, and a means to send the en- 
-crypted digital rights data with the entitlement grant- 
er's digital signature thereon to the recipient ma- 
chine. 

1 7. The entitlement granter machine according to claim 
15, wherein: 

H, , the computer system built on the entitlement 
granter machine is further comprised of a means to 
extract digital rights data that has been put under 
management beforehand, based on the contents 
request information. 

18. A contents distributor machine connected with a re- 
cipient machine across a network, 

a computer system built on the contents dis- 
tributor machine being comprised of a means to re- 
ceive digital rights data relevant to contents request 
information, encrypted digital rights data generated 
by encrypting the digital rights data with the recipi- 
ent's public key, and the entitlement granter's digital 
signature put to the encrypted digital rights data, a 
means to verify the entitlement granter's digital sig- 
nature by using the public key of the entitlement 
granter a means to encrypt the digital rights data 
with the recipient' s public key and make sure that 
the thus encrypted digital rights data matches with 
received encrypted digital rights data, a means to 
encrypt contents data to be sent to the recipient ma- 
chine with the recipient's public key, and a means 
to send the thus encrypted contents data to the re- 
cipient machine. 



10 



15 



public key. and a means to send the thus encrypted 
contents data to the recipient machine. 

20. The contents distributor machine according to claim 
19, wherein: 

the computer system built on the contents dis- 
tributor machine is further comprised of a 
means to send an entry form for acquiring in- 
formation about the recipient to the recipient 
machine and a means to receive the entry form 
filled with data with the recipient's digital signa- 
ture encrypted with the recipient's secret key 
thereon if the match between the digital rights 
data encrypted with the recipient's public key 
and the received encrypted digital rights data 
has been verified; and 

a means to encrypt contents data to be sent to 
the recipient machine with the recipient's public 
key if the validity of the recipient's digital signa- 
ture put to the received form has been verified 
by using the recipient's public key. 



25 



30 



35 



40 



1 9. A contents distributor machine connected with a re- 
cipient machine across a network, 

a computer system built on the contents dis- 
tributor machine being comprised of a means to re- -^s 
ceive digital rights data relevant to contents request 
information, encrypted digital rights data generated 
by^ encrypting the digital lights data with the recipi- 
ent's public key, the entitlement granter's digital sig- 
nature put to the encrypted digital rights data, and so 
the recipient's public key, a means to verify the en- 
titlement grantor's digital signature by using tho 
public key of the entitlement granter, a means to en- 
crypt the digital rights data with the recipient's public 
key and make sure that the thus encrypted digital 55 
rights data matches with received encrypted digital 
rights data, a means to encrypt contents data to be 
sent to the recipient machine with the recipient's 
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